BYOD Security Issues Cause Headaches for Employees, IT Pros

The findings are the result of two surveys conducted by the data protection specialist on “bring your own device” (BYOD) adoption.

Users are challenging, and even rejecting, traditional mobile-device management (MDM) solutions, fearing their employers' ability to access, alter or delete personal data stored on their mobile devices, according to a survey by Bitglass.
In addition, the report found that 40 percent of security administrators have chosen not to participate in the very same mobile policies they are enforcing for their organization.
The findings are the result of two surveys the data protection specialist conducted on “bring your own device” (BYOD) adoption, challenges and overall effectiveness.
One survey focused on end users—capturing opinions from 2,021 smartphone-toting employees—while the second survey captured the view of 227 IT security professionals with responsibility for mobility in their organization.

The report found 57 percent of users and 38 percent of IT professionals do not participate in a company BYOD program because they do not want employers’ IT departments to have visibility into their personal data and applications.

However, just over two-thirds (67 percent) of employees said they would participate in a BYOD program if employers had the ability to protect corporate data, but couldn’t view, alter or delete personal data and applications.
"The most surprising finding was the wide discrepancy between desire to participate in BYOD and actual participation rates," Rich Campagna, vice president of products and marketing at Bitglass, told eWEEK. "This is due to organizations taking undue control over personal devices and poor communications of what can be monitored and controlled by IT."
About two-thirds (64 percent) of IT pros believe such a solution would make their BYOD program more successful.
Nearly eight in 10 (78 percent) employees said they are not likely to participate in a BYOD program if their employer has visibility into personal applications or locations.
Nearly two-thirds (64 percent) would not participate in a BYOD program at work where their employer has the ability to wipe their personal mobile device to protect its proprietary information if they leave the organization.
"Low adoption and deployment complexity has given some a negative view of BYOD, but the survey data is clear—BYOD can be successful, but only if IT deploys solutions that meet employees' terms in addition to [the employers’] own," Campagna said.
Although 78 percent of employees said they understand that companies need to protect their proprietary information, they added that the employer should not have the ability to wipe personal data from the mobile device.
The survey also indicated that mobile application management (MAM) is struggling to find acceptance among users and IT staff—38 percent of IT security professionals do not personally participate in their own BYOD programs because they do not want software on their personal devices.
"MAM platforms have run into challenges with breaking applications, running afoul of app licensing agreements, and inability to control third-party app store applications," Campagna explained. "Next-generation, data-centric mobile security solutions avoid application dependencies by securing the data rather than the application."